Solved

Trying to trace where a suspicious file came from that appeared on my Exchange Server.

Posted on 2002-05-21
Last Modified: 2013-12-28
I have found a couple suspicious password hacking program files residing in a temp folder on my Exchange Server. To be exact, I found L0phtcrack & Samdump files, and a few others, in zip format. It also looks as though someone tried to install L0phtcrack on the server. Or they succeeded in doing so & then later deleted the program without uninstalling it. A colleague told me about a utility he once had called "Snoop Plus" (or something like that). This utility, he said, would be able to tell me, among other things, precisely where these files originated from. For example, if the files were copied from another PC on the network to the Server's drive, the utility would be able to tell me what PC had copied the files onto the server. Or if they were copied from a CD it would tell me that they originated from another local drive on this Server. Is there such a utility? Where can I find it? The only utility I've found on the web with the name Snoop appears to be a Sun Solaris utility. Is there another way to narrow down where these files originated from? Thank you.

Added Comment:  Thanks for the Suggestion 'CSuvendra'.  Unfortunately it is a FAT partition & I cannot access any ownership properties.
Question by:rvshrader
3 Comments

Expert Comment

by:ITsheresomewhere
ID: 7025580
listening here....

ITsy

Accepted Solution

by: CSuvendra earned 200 total points
ID: 7026099
Just a suggestion. You can always check the Ownership of the zip File from Properties and check who downloaded the file on the Server. Maybe that will give you an insight.
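The ownership check suggested above, together with the FAT limitation the asker reported, can be scripted as in the following added example (not part of the original thread). It assumes a modern Windows PowerShell (4.0 or later) and a local drive; the function name `Get-FileOriginTriage` and the default folder `C:\Temp` are hypothetical placeholders.

```powershell
# Added example: collect what the file system itself records about files in a folder.
# $Path is a placeholder; point it at the folder under review.
param([string]$Path = 'C:\Temp')

function Get-FileOriginTriage {
    param([Parameter(Mandatory)][string]$Folder)

    # Ownership lives in the NTFS/ReFS security descriptor; FAT volumes store none.
    $full   = (Resolve-Path -LiteralPath $Folder).ProviderPath
    $root   = [System.IO.Path]::GetPathRoot($full)
    $fsType = (New-Object System.IO.DriveInfo $root).DriveFormat
    $hasAcl = $fsType -in 'NTFS', 'ReFS'

    Get-ChildItem -LiteralPath $full -File -Recurse -Force | ForEach-Object {
        $f = $_
        $owner = if ($hasAcl) {
            try { (Get-Acl -LiteralPath $f.FullName).Owner } catch { 'unreadable' }
        } else {
            "n/a ($fsType has no owner field)"
        }
        [pscustomobject]@{
            File        = $f.FullName
            FileSystem  = $fsType
            Owner       = $owner
            # Timestamps survive on FAT and help line the files up with logon records.
            CreatedUtc  = $f.CreationTimeUtc
            ModifiedUtc = $f.LastWriteTimeUtc
            # Hash lets the same archive be searched for on other machines.
            SHA256      = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        }
    }
}

Get-FileOriginTriage -Folder $Path | Sort-Object CreatedUtc | Format-List
```

The owner field names the account that created the file on this volume, not the machine it was copied from, so it narrows the search to an account rather than a source PC.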

Expert Comment

by:JW2
ID: 7033128
How about Who's Watching Me at www.trapware.com